06-06-2011 04:59 AM - edited 03-11-2019 01:42 PM
I have a question regarding the merging of 2 networks and NAT. The networks and interface names have been changed to simplify the diagram below.
The 192.168.0.0 network has never used a NAT translation to connect to the server 1.1.1.1. The 172.17.0.0 network used to sit on another interface which required NAT and has been moved.
Can I create a NAT translation based on a network range?
I have resolved this issue by using a NAT exemption for the 192.168.0.0 network, but I like the flexibility of NAT based on the source network (Checkpoint NAT is configured in this way).
Thanks in advance
06-06-2011 08:18 AM
Which version of code on the ASA?
On which interface does 172.17.0.0/16 terminate?
06-07-2011 01:28 AM
The code version is 8.05. 172.17.0.0/16 was an external network to a third party but has been brought onto the corporate network on the inside interface. The 192.168.0.0/24 was always a trusted network and didn't require NAT. The server sits on our DMZ.
If this was a new network connection we would not use NAT but there are so many applications from the 172.17/16 range using the NAT address that this is not viable.
06-06-2011 10:23 AM
You can create a NAT entry for 1.1.1.1 and then restrict by access list to source network. That will NAT it for everything talking to it through the outside (of whichever interface 172.17.0.0 is plugged into) interface.
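An added example (not part of the original reply, and not the poster's configuration) of the policy static NAT described above, in pre-8.3 ASA syntax. The interface names `inside` and `dmz`, the ACL name, the mapped address 192.0.2.10 and the test client addresses are assumptions; 1.1.1.1 is taken to be the server's real address.

```cisco
! Policy static NAT on ASA 8.0(x) (pre-8.3 syntax).
! Assumptions: nameif "inside" and "dmz", ACL name, mapped address 192.0.2.10.
!
! ACL source = the server's REAL address, destination = the only client
! network that should see the translated address.
access-list DMZ_SRV_POLICY_NAT extended permit ip host 1.1.1.1 172.17.0.0 255.255.0.0
!
! Present 1.1.1.1 (dmz) as 192.0.2.10 on the inside interface, but only for
! flows that match the ACL, i.e. to and from 172.17.0.0/16.
static (dmz,inside) 192.0.2.10 access-list DMZ_SRV_POLICY_NAT
!
! 192.168.0.0/24 does not match the ACL, so this translation never applies
! to it; it keeps reaching 1.1.1.1 directly through the existing NAT
! exemption.
!
! Checks (client addresses are constructed):
! 1) A 172.17.x.x client hitting the mapped address should show an UN-NAT
!    phase that rewrites 192.0.2.10 to 1.1.1.1.
packet-tracer input inside tcp 172.17.10.5 1025 192.0.2.10 80
! 2) A 192.168.0.x client hitting the real address should pass with no
!    translation by the policy static.
packet-tracer input inside tcp 192.168.0.5 1025 1.1.1.1 80
! 3) Confirm the static translation is installed.
show xlate
```

The interface access lists still decide what is permitted; the NAT ACL only selects which flows are translated.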
06-07-2011 01:33 AM
Sounds like what I am looking for. Can you point me in the right direction for examples or documentation?
06-07-2011 04:46 AM
If the 172.17.0.0 is behind your inside interface, then you do not need NAT between it and 1.1.1.1 in your DMZ; simply make sure the ASA has the proper route to 172.17.0.0 in your internal network.
This might help:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807fc191.shtml